This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Flaw in Linux kernel allows attack

The Debian Project warned on Monday that a flaw in the Linux kernel helped attackers compromise four of the open-source software project's development servers. During several intrusions Nov. 19, the flaw enabled an attacker who already had access to a server to remove the limitations that protected the system from everyday users. The technique is known as a privilege escalation.

Members of the development team found the flaw in September and fixed the latest version of the core Linux software, or kernel. The fix came a bit late, however. The latest version of the kernel, 2.4.23, was released Friday, eight days after the Debian breach. The Debian Project, which uses only truly open-source software in its make-up, stressed that the breaches hadn't affected the project's code base.

"Fortunately, we require developers to sign the upload (software) digitally," said Martin Schulze, a developer and member of the project. "These files are stored off-site as well, which were used as a basis for a recheck." The development team promised to lock all developer accounts until the flaw had been found and fixed. The team published patches for the flaw on Monday as well but didn't specify when the accounts would be unlocked.

Certification Links

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

CertForums.com is not sponsored by, endorsed by or affiliated with Cisco Systems, Inc. Cisco®, Cisco Systems®, CCDA™, CCNA™, CCDP™, CCNP™, CCIE™, CCSI™; the Cisco Systems logo and the CCIE logo are trademarks or registered trademarks of Cisco Systems, Inc. All other trademarks, including those of Microsoft, CompTIA, VMware, Juniper ISC(2), and CWNP are trademarks of their respective owners.